Businesses around the world are prone to risks. As business owners, failing to put in place initiatives to minimize or eliminate risks is one of the main reasons why businesses collapse.
The measures taken to address these risks are known as controls. When a system of internal control is in place, achieving the business mission becomes a reality.
Internal controls involve people, attitudes, policies, and procedures. At Safaricom, a robust control environment exists, and this has ensured our continued success year after year.
An organisation’s Board of Directors and Executive Management shape the control environment. According to the Internal Controls Institute (ICI), there is no single correct control environment—but there are ten common attributes of an effective internal control environment that every organisation’s leadership can implement.
Here is a self-assessment checklist to evaluate whether your organisation’s control environment is in place:
1. Code of Conduct Policy:
Has your organisation implemented a policy defining the conduct expected from all employees and executive management in their day-to-day activities?
2. Corporate Values:
What values should employees uphold in their daily operations? For example: Integrity, Speed, Customer Obsession, Respect, etc.
3. CEO as a Role Model:
Do you, as the CEO or business owner, exhibit the characteristics you want your employees and business partners to emulate? What’s the tone at the top?
4. Organisation Structure:
Is your organisation’s structure well defined and clearly communicated? Are duties well segregated to ensure everyone knows their roles and responsibilities, and is the support matrix clear? This helps ensure the company mission is accomplished efficiently and effectively.
5. Competency of Personnel:
Do your staff have the right skills for their roles, and are they continuously trained and upskilled? Incompetent staff can unintentionally expose your business to risks, lower performance standards, and drive up operational costs through rework and delays.
6. Specific Delegation and Communication of Authority and Responsibility:
Do employees clearly understand their responsibilities, the limits of their authority, and what performance is expected of them?
7. General Authorization and Responsibility:
Is the scope of each employee’s authority and responsibility well defined? For example, a SIM registration staff member should know what is expected during the registration process—acceptable ID documents, customer presence, line activation steps, and cross-selling of products. If they engage in fraudulent activities, accountability and consequence management must follow. This discourages misconduct by others.
8. Internal Auditing:
Regardless of size, every business should consider having an internal audit function or resource to evaluate overall performance and the adequacy of and compliance with internal controls.
9. Asset Safeguarding:
What procedures are in place to protect organisational assets from theft, damage, or misuse?
10. Defined Work Processes:
Are detailed, step-by-step procedures established for key operations? For example: shop opening, sales, cash handling, customer onboarding, and after-sales service.
If your organisation identifies with the above attributes, it likely has a strong internal control environment. If not, it’s not too late to establish one.
